14 matches found
CVE-2026-3489
The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to SQL Injection via the 'packages' parameter in versions up to, and including, 3.6.26 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin...
WordPress DirectoryPress - Business Directory And Classified Ad Listing plugin <= 3.6.26 - Unauthenticated SQL Injection via 'packages' vulnerability
WordPress DirectoryPress - Business Directory And Classified Ad Listing plugin = 3.6.26 - Unauthenticated SQL Injection via 'packages' vulnerability discovered by Leonid Semenenko lsemenenko in WordPress Plugin DirectoryPress versions = 3.6.26...
EUVD-2026-23223
The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to SQL Injection via the 'packages' parameter in versions up to, and including, 3.6.26 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin...
CVE-2026-3489
The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to SQL Injection via the 'packages' parameter in versions up to, and including, 3.6.26 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin...
CVE-2026-3489 DirectoryPress – Business Directory And Classified Ad Listing <= 3.6.26 - Unauthenticated SQL Injection via 'packages'
The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to SQL Injection via the 'packages' parameter in versions up to, and including, 3.6.26 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin...
CVE-2026-3489
The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to SQL Injection via the 'packages' parameter in versions up to, and including, 3.6.26 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin...
CVE-2026-3489 DirectoryPress – Business Directory And Classified Ad Listing <= 3.6.26 - Unauthenticated SQL Injection via 'packages'
The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to SQL Injection via the 'packages' parameter in versions up to, and including, 3.6.26 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin...
CVE-2026-3489
The CVE-2026-3489 entry concerns the DirectoryPress WordPress plugin (Business Directory and Classified Ad Listing) with vulnerable versions up to 3.6.26. The issue is an SQL Injection via the 'packages' parameter caused by insufficient escaping of user input and inadequate SQL query preparation,...
PT-2026-33309
The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to SQL Injection via the 'packages' parameter in versions up to, and including, 3.6.26 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin...
CVE-2024-33535
An issue was discovered in Zimbra Collaboration ZCS 9.0 and 10.0. The vulnerability involves unauthenticated local file inclusion LFI in a web application, specifically impacting the handling of the packages parameter. Attackers can exploit this flaw to include arbitrary local files without...
PT-2024-5816 · Zimbra · Zimbra Collaboration
Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration ZCS versions 9.0 through 10.0 Description: A reflected cross-site scripting XSS vulnerability has been identified in the Zimbra webmail admin interface. This vulnerability occurs due to inadequate input validation of the...
CVE-2024-33535
CVE-2024-33535 affects Zimbra Collaboration (ZCS) 9.0 and 10.0 via unauthenticated local file inclusion (LFI) in a web application, specifically in how the packages parameter is handled. The flaw allows an attacker to include arbitrary local files without authentication within a restricted direct...
PT-2024-8885 · Zimbra · Zimbra Collaboration
Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration ZCS versions 9.0 through 10.0 Description: The issue involves unauthenticated local file inclusion LFI in a web application, specifically impacting the handling of the packages parameter. Attackers can exploit this flaw t...
CVE-2017-14537
trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php...